Archives

Categories

Understanding WordPress security

Published March 21, 2016 by rdeeb

It’s not a secret that I love working with WordPress, but I’ve been getting a lot of negative feedback from my peers about the security issues on WordPress, so I decided to make these series of posts to explain a bit more on how to protect your site.

What this series is not about?

I will not be covering anything on Network, Hardware or Operative System Security. No firewall configurations or anything fancy like that, all we are going to see is at WordPress level, a lot of the time you will find a WordPress installation on a shared host, where you can’t change or decide any of these configurations.

WordPress security

WordPress is one of the most used, if not the most used CMS / Blogging system on the web, this makes it the #1 objective of hackers that may want to take control of your website to inject malicious software for either distribute viruses (trojans, ransomware) or use take control of your site for personal reasons.

But it’s not all bad, being one of the most used systems on the web, brings it’s perks; one of them comes in the form of one of the biggest communities on the web. They take security very seriously, and a lot of time they solve day 0 vulnerabilities (New security issues) on the first day.

I’ve worked with other CMS systems, with tiny communities, and discovering and solving this security issues is a bit slower, leaving your site exposed for longer time.

WordPress Updates

This brings us to our first action item on improving our website security, and is the most basic one and sometimes one of the most over looked, keep up to date your WordPress installation. The WordPress community works very hard on fixing any newly discovered security issues, and delivering them to you as fast as possible, and it’s your responsibility to stay up to date. There are also a few plugins that can take care of this for you, but we will cover them in detail on later posts of these series.

Conclusion

We will cover different security tips on these series of posts but this is the simplest and the #1 on the list, because a vulnerable installation of WordPress can easily be hacked if the exploit is publicly available. Hope you like this introduction and we will talk again on the next post.